[cisco-nas] Blocking CLID

Aaron Leonard Aaron at cisco.com
Mon Mar 28 11:32:41 EST 2005


One more comment on this ... if you are taking calls that
are failing due to them coming from "some jerk" rather
than due to your MICA modems failing, then you will
want to disable modem recovery - this will keep the modems
from thinking that they are bad and trying to reload portware.

Modem recovery was a recommended feature back in the
bad old days when we were experiencing a fair number of
MICA code problems, where the modems would crash or
hang and have to be reloaded.  However, with recent MICA
portware (2.7.4.0, 2.9.4.0 or 2.9.5.0), we virtually never see
such problems, so it's recommended NOT to run modem
recovery any more (and, if you are running older portware,
we'd recommend that you upgrade.)

Regards,

Aaron

---


Patrik Forsberg wrote:

>Yea, that worked!
>Thanks alot :)
>
>//patrik 
>
>  
>
>>-----Original Message-----
>>From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com] 
>>Sent: den 26 mars 2005 11:05
>>To: Patrik Forsberg; cisco-nas at puck.nether.net
>>Subject: RE: [cisco-nas] Blocking CLID
>>
>>Hi,
>>
>>try this config
>>
>>resource-pool enable
>>!
>>resource-pool group resource ISDN
>> ! number of b-channels
>> range limit 120
>>!
>>resource-pool group resource MODEM
>> ! needs to be adapated
>> range port 1/0 1/59
>> range port 2/0 2/59
>>!
>>resource-pool profile customer ALLOWED
>> limit base-size all
>> limit overflow-size 0
>> resource ISDN digital 
>> resource MODEM speech 
>> resource MODEM V110 
>> dnis group default
>>!
>>resource-pool profile discriminator BLOCKED
>> call-type all
>> dnis group blockedDNIS
>>!
>>dialer dnis group blockedDNIS
>> number 1234567
>> number 2345678
>>
>>Take a look at
>>http://www.cisco.com/univercd/cc/td/doc/product/software/ios12
>>1/121newft
>>/121t/121t5/dtclid.htm, this requires 12.3
>>
>>You might also want to investigate ISDN pre-authentication. 
>>This way the
>>NAS will send an access-request to your Radius server with the dnis or
>>clid prior to answering the call. If it receives an access-reject, the
>>call is dropped:
>>http://www.cisco.com/univercd/cc/td/doc/product/software/ios12
>>1/121newft
>>/121t/121t2/dtpreaut.htm
>>I'd somewhat prefer this solution to meet your objectives 
>>since you can
>>configure this centrally on the Radius instead of maintaining the list
>>of numbers on your NAS..
>>
>>	oli
>>
>>Patrik Forsberg <> wrote on Saturday, March 26, 2005 10:07 AM:
>>
>>    
>>
>>>Hi,
>>>
>>>I'm got a AS5300 sitting as a central NAS accepting calls from our
>>>users. The problem I'm currently facing is that I've got some jerk
>>>phoning in to my NAS and then cuts the line after like 20s. I would
>>>like to block these in the NAS and after reading a few 
>>>      
>>>
>>web-resources I
>>    
>>
>>>figured that a resource-pool could solve my problem. I did all, from
>>>what I thought, nessesery configurations and enabled resource-pool.
>>>What happend after that is that calls get acceptet but they 
>>>      
>>>
>>dont seem
>>    
>>
>>>to be sent to the modems for some reason.
>>>I'm using MICA modules for modems. For whatever reason the 
>>>      
>>>
>>modems seem
>>    
>>
>>>to think of these calls as "bad" and those push the 
>>>      
>>>
>>bad-counter up and
>>    
>>
>>>then end up reloading its firmware over and over again to try to fix
>>>the issue. The problem is also that the calls aint identified as
>>>digital but as speech and thos I had to block them on that level.
>>>
>>>Can someone help me out with a "working" setup for the above
>>>resource-pool configuration ?
>>>
>>>Please help,
>>>Patrik
>>>
>>>_______________________________________________
>>>cisco-nas mailing list
>>>cisco-nas at puck.nether.net
>>>https://puck.nether.net/mailman/listinfo/cisco-nas
>>>      
>>>
>
>_______________________________________________
>cisco-nas mailing list
>cisco-nas at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nas
>  
>



More information about the cisco-nas mailing list